Cloud systems are increasingly being used to process and store personal data, passwords or sensitive information. This creates the risk of strangers gaining access to this data or misusing this content for criminal purposes. Zero Knowledge is a principle that ensures the security of this content. We explain the importance of the method and how data in the cloud remains protected by Zero Knowledge.
What is Zero Knowledge?
At TeamDrive, the principle of Zero Knowledge stands for the security of customer data and stored content in the cloud. This means that the cloud service provider has no knowledge of the data and information stored in the cloud. This results in absolute confidentiality, which is also permanently guaranteed.
Zero knowledge can be translated into the German language as no knowledge. The principle goes back to a cryptographic method developed in the 1980s. In this context, the term zero-knowledge-proof is often used. The method meets high standards with regard to the security of data.
Zero-knowledge proof: How does the method work?
The principle on which zero-knowledge proof is based is easy to explain. An example helps to illustrate the facts. There are two persons: Person A and Person B.
- Person A as the prover
- Person B as verifier
Person A is in the position of the prover and wants to show another person B that he or she has certain knowledge. This knowledge is, for example, a password. Person A therefore needs a method for this step so that person B as verifier evaluates the statement as correct. Such a method must fulfill two properties:
- The method works permanently, i.e. it is always successful for both the prover and the verifier.
- Person B never finds out the secret knowledge.
In the example used, it is conceivable that person A suggests to person B to log on to the computer with a password. Person B has the secret password, but does not know its composition. The procedure then works in such a way that person B first checks whether the computer is locked or whether person A is already logged in.
Person A then types in the password without person B watching. Only after entering the login data does person B check the computer again and find that it is unlocked and person A has been logged into the system. Person B now also knows that person A knows the secret password.
The problem with a zero-knowledge procedure is that in theory the proof is only valid for one person – in this case for person B. If another person C now also needs the information that person A knows a password, the zero-knowledge procedure must run again.
Areas of application for zero-knowledge proofs
Researchers and developers have long been looking for practical options to implement zero-knowledge protocols after the method first became available in the 1980s. Meanwhile, cryptocurrency providers are using the principle to step out of anonymity. One example is the cryptocurrency Zcash, which operates a function called zk-SNARKs, which has zero proof properties.
In the case of the best-known cryptocurrency Bitcoin, the recipient address and sender address of the users and the amount transferred in each case are openly available in the blockchain. This means that goods purchased with Bitcoin can potentially be identified via external exit points if users consistently use the same sender address. With Zcash, zk-SNARKs anonymizes the transaction through a private key. The encryption protects the cryptocurrency itself from outside access.
Zero Knowledge in Cloud Computing
Providers of cloud computing services such as TeamDrive use the term Zero Knowledge to explain the type of encryption. Cloud services use various encryption methods such as end-to-end encryption to make the communication between the cloud and the user secure.
TeamDrive already encrypts customers’ data on their PC or smartphone and only then uploads it to the cloud. This means that the information is already encrypted and protected from unauthorized access when it is transferred to the online service.
Strong AES encryption with AES-256 is used, which is additionally combined with asymmetric encryption. Here, public-private key pairs with an RSA-3072 procedure complement the cryptographic protection.
This encryption rate is so high that even high-performance computers and server farms with current state of the art technology are not able to decrypt it using the brute force method. TeamDrive’s zero-knowledge protocol is designed in such a way that the keys are only available on the users’ devices. As the provider and operator of the cloud services, TeamDrive owns neither the keys themselves nor a copy of them. Thus, no one other than the users themselves are able to decrypt the uploaded files in the cloud.
It is recommended not only to leave one’s own key on the computer, but also to back it up as a copy. This not only provides a digital backup, but also a second level of security. TeamDrive’s systems are also designed in such a way that no metadata is transmitted and stored unencrypted. This is an advantage compared to other cloud services. Although these also offer secure methods for encrypting data, they still access metadata. This includes, for example, file names, file sizes and personal data such as sender and recipient.
TeamDrive deliberately refrains from storing this information, which significantly increases data security for users of a TeamDrive solution.
Zero Knowledge Principle: Advantages and Disadvantages in the Cloud
Using zero knowledge for a cloud system is obvious because of the advantages it offers. Thanks to full end-to-end encryption and non-stored metadata, TeamDrive offers its users a high level of security and confidentiality for their data.
However, this also means that the data in the cloud is not readable. Users cannot access and edit the data via web access or web view. Instead, the files can be uploaded to an end device in order to edit them there. The provision of such end-points is virtual and they are operated via a web browser.
It is equally true for all zero-knowledge systems that access to the data in the cloud is no longer possible if the key is lost. However, this minimal restriction can be tolerated, because only in this way can the zero-knowledge principle be consistently implemented in the entire TeamDrive cloud architecture. In order to avoid loss, TeamDrive supports users with various options for easily securing personal keys.